Responsible Disclosure Policy

Interlock Roofing Ltd.

July 2, 2026 July 2, 2026

TL;DR

If you discover a security vulnerability in our websites or systems, we want to hear from you. Report it privately to [email protected], give us reasonable time to fix it, and act in good faith — and we won't pursue legal action for good-faith research that follows this policy.

Table of Contents

  1. 1. Scope
  2. 2. How to Report
  3. 3. Guidelines (Safe Harbor)
  4. 4. What to Expect
  5. 5. Please Do Not

1. Scope

This policy applies to internet-facing systems owned or operated by Interlock (interlockroofing.com and related properties). Out of scope: third-party services we do not control, physical attacks, social engineering of staff or dealers, and denial-of-service.

2. How to Report

Email [email protected] with steps to reproduce, the affected URL or endpoint, and the impact. A machine-readable /.well-known/security.txt advertises this contact.

3. Guidelines (Safe Harbor)

Act in good faith; avoid privacy violations, data destruction, and service disruption; only interact with accounts you own or have permission to test; do not exfiltrate more data than necessary to demonstrate the issue; and give us reasonable time to remediate before public disclosure. Research conducted consistent with this policy is authorized, and we will not pursue or support legal action against you for it.

4. What to Expect

We aim to acknowledge reports within 3–5 business days, provide an assessment, and keep you updated through remediation. We do not currently operate a paid bug-bounty program; we are happy to credit reporters who wish it.

5. Please Do Not

Do not access, modify, or delete others' data; do not publicly disclose before we have remediated; and do not use findings for any purpose other than good-faith reporting.

Related Legal Policies

These policies work together to govern your use of our website, services, communications, and data practices.